Scan for known CVEs from online databases.
https://github.com/aquasecurity/trivy
See Trivy doc.
https://github.com/anchore/grype
https://github.com/coreos/clair
Open source static analysis image vulnerability scanner by CoreOS.
Not as good quality, easy to use or reliable in my experience, see this issue
See Clair page.
https://www.aquasec.com/products/aqua-container-security-platform/
Container security - wraps docker socket to control + kill container launches
Scanner for docker images (company behind Nessus) - one client's tech hub had this. Scans happened 10-40 mins behind async because it's slow
https://docs.tenable.com/vulnerability-management/Content/ContainerSecurity/CSScanner.htm§
https://checkmarx.com/resource/documents/en/34965-19110-container-scans.html
Ported from various private Knowledge Base pages 2018+